| View previous topic :: View next topic |
| Author |
Message |
tialohitc
Joined: 14 Sep 2009
Posts: 10
|
 Posted: Fri Apr 16, 2010 9:42 am Post subject: Need help with bridge (connecting two sites) |
 |
|
Hi!
Please see attached image of setup:
I want to Bridge Site A and Site B in a way that a PC at Site A can ping, share, etc. with any PC on Site B as if plugged in there. (PC A2 and PC A3 arent in use yet - testing only with PC A1)
VPN is setup and functions perfectly.
I created a Bridge00 on each site: VPN-Interface + local-Lan-Interface
I assigned one IP of the private Network in use to each bridge (192.168.0.200, 192.168.0.201)
LAN interface on PC A1 (Windows 7) is set to automatic and that works fine: PC A1 gets an IP assigned by DCHP-B (from the other site).
And now here's the problem:
PC A1 can ping only 192.168.0.200 and 192.168.0.201
ZS-A can ping only ZS-B (but not PC A1)
ZS-A can arp only PC A1 and ZS-B
ZS-B can arp and ping ZS-A
ZS-B can arp, but not ping PC A1
Any hints or ideas anyone how i get that bridge fully functional?
Could routing be the problem? At Site B all PCs (except for ZS-B) use GW-B as default GW - as assigned by DHCP-B. ZS-A only has the dynamically assigned GW-A.
Thank you all very much in advance! |
|
| Back to top |
|
 |
ppalias
Joined: 17 Dec 2008
Posts: 1020
Location: Athens, Greece
|
| Posted: Fri Apr 16, 2010 12:52 pm Post subject: |
|
|
Looks fine to me.
You generally cannot ping PC A1, maybe due to a firewall rull on windows.
Routing has nothing to do here, as all of your network is in the same broadcast domain. You just assign the default gateway for internet reachability and you assign the closest ZS.
The way I see it your bridge is functioning properly. |
|
| Back to top |
|
|
tialohitc
Joined: 14 Sep 2009
Posts: 10
|
| Posted: Fri Apr 16, 2010 1:05 pm Post subject: |
|
|
Hi ppalias,
Thanks for your reply.
Firewalls etc. crossed my mind too, but that shouldn't prevent ZS-A successfully arping PC Bn?
| Quote: | | You just assign the default gateway for internet reachability and you assign the closest ZS. |
What exactly do you mean. Can you talk me through the steps as you would have done it?
| Quote: | | The way I see it your bridge is functioning properly. |
Thats the weird thing. The actual bridge is up and running. Just the two sites behind it seem to not fully "see" each other.
I don't need any forwarding or other fw rules on the zs, do I?
Thank you so very much!!! |
|
| Back to top |
|
|
ppalias
Joined: 17 Dec 2008
Posts: 1020
Location: Athens, Greece
|
| Posted: Fri Apr 16, 2010 1:42 pm Post subject: |
|
|
ARP is usually not affected by firewalls, at least the common and most used. If you block ARP you are risking to lose connectivity, so blocking it is not that easy.
Regarding the other one with the gateway, I meant that PC Ax and ZS Site A should use default gateway the GW A and the others GW B. However this doesn't provide failover in case GW A or B goes down.
ZS should be fine without messing with the firewall or any other setting on the BRIDGE interface. |
|
| Back to top |
|
|
tialohitc
Joined: 14 Sep 2009
Posts: 10
|
| Posted: Fri Apr 16, 2010 4:25 pm Post subject: |
|
|
That's what I thought. Thanks for confirming.
But it still doesn't work... Too strange.
I'll try to do more testing with linux boxes only 
I'll keep you posted! |
|
| Back to top |
|
|
tialohitc
Joined: 14 Sep 2009
Posts: 10
|
| Posted: Tue Apr 20, 2010 8:26 pm Post subject: |
|
|
Problem found and solved.
ZS at Site B failed to bring up interfaces in promisc mode since it was in fact virtualised. I wasn't aware of that...
Activating promisc mode on the respective port group solved all above mentioned issues.
Thank you very much again for your help! |
|
| Back to top |
|
|
ppalias
Joined: 17 Dec 2008
Posts: 1020
Location: Athens, Greece
|
| Posted: Wed Apr 21, 2010 9:35 pm Post subject: |
|
|
| Damn those virtual machines... |
|
| Back to top |
|
|
|
Search
Register
Usergroups
Profile
Log in
Private Message
